CN107428247A - For the framework with the automatic drive assist system of sub conditione - Google Patents

For the framework with the automatic drive assist system of sub conditione Download PDF

Info

Publication number
CN107428247A
CN107428247A CN201680004930.1A CN201680004930A CN107428247A CN 107428247 A CN107428247 A CN 107428247A CN 201680004930 A CN201680004930 A CN 201680004930A CN 107428247 A CN107428247 A CN 107428247A
Authority
CN
China
Prior art keywords
computer
framework
redundant
sensor
brakes
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201680004930.1A
Other languages
Chinese (zh)
Other versions
CN107428247B (en
Inventor
C.罗伯特
V.皮克隆
M.利曼
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Valeo Schalter und Sensoren GmbH
Original Assignee
Valeo Schalter und Sensoren GmbH
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Valeo Schalter und Sensoren GmbH filed Critical Valeo Schalter und Sensoren GmbH
Publication of CN107428247A publication Critical patent/CN107428247A/en
Application granted granted Critical
Publication of CN107428247B publication Critical patent/CN107428247B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05DSYSTEMS FOR CONTROLLING OR REGULATING NON-ELECTRIC VARIABLES
    • G05D1/00Control of position, course or altitude of land, water, air, or space vehicles, e.g. automatic pilot
    • G05D1/0055Control of position, course or altitude of land, water, air, or space vehicles, e.g. automatic pilot with safety arrangements
    • G05D1/0077Control of position, course or altitude of land, water, air, or space vehicles, e.g. automatic pilot with safety arrangements using redundant signals or controls
    • BPERFORMING OPERATIONS; TRANSPORTING
    • B60VEHICLES IN GENERAL
    • B60KARRANGEMENT OR MOUNTING OF PROPULSION UNITS OR OF TRANSMISSIONS IN VEHICLES; ARRANGEMENT OR MOUNTING OF PLURAL DIVERSE PRIME-MOVERS IN VEHICLES; AUXILIARY DRIVES FOR VEHICLES; INSTRUMENTATION OR DASHBOARDS FOR VEHICLES; ARRANGEMENTS IN CONNECTION WITH COOLING, AIR INTAKE, GAS EXHAUST OR FUEL SUPPLY OF PROPULSION UNITS IN VEHICLES
    • B60K28/00Safety devices for propulsion-unit control, specially adapted for, or arranged in, vehicles, e.g. preventing fuel supply or ignition in the event of potentially dangerous conditions
    • B60K28/10Safety devices for propulsion-unit control, specially adapted for, or arranged in, vehicles, e.g. preventing fuel supply or ignition in the event of potentially dangerous conditions responsive to conditions relating to the vehicle 
    • BPERFORMING OPERATIONS; TRANSPORTING
    • B60VEHICLES IN GENERAL
    • B60RVEHICLES, VEHICLE FITTINGS, OR VEHICLE PARTS, NOT OTHERWISE PROVIDED FOR
    • B60R16/00Electric or fluid circuits specially adapted for vehicles and not otherwise provided for; Arrangement of elements of electric or fluid circuits specially adapted for vehicles and not otherwise provided for
    • B60R16/02Electric or fluid circuits specially adapted for vehicles and not otherwise provided for; Arrangement of elements of electric or fluid circuits specially adapted for vehicles and not otherwise provided for electric constitutive elements
    • B60R16/023Electric or fluid circuits specially adapted for vehicles and not otherwise provided for; Arrangement of elements of electric or fluid circuits specially adapted for vehicles and not otherwise provided for electric constitutive elements for transmission of signals between vehicle parts or subsystems
    • B60R16/0231Circuits relating to the driving or the functioning of the vehicle
    • BPERFORMING OPERATIONS; TRANSPORTING
    • B60VEHICLES IN GENERAL
    • B60WCONJOINT CONTROL OF VEHICLE SUB-UNITS OF DIFFERENT TYPE OR DIFFERENT FUNCTION; CONTROL SYSTEMS SPECIALLY ADAPTED FOR HYBRID VEHICLES; ROAD VEHICLE DRIVE CONTROL SYSTEMS FOR PURPOSES NOT RELATED TO THE CONTROL OF A PARTICULAR SUB-UNIT
    • B60W10/00Conjoint control of vehicle sub-units of different type or different function
    • B60W10/04Conjoint control of vehicle sub-units of different type or different function including control of propulsion units
    • BPERFORMING OPERATIONS; TRANSPORTING
    • B60VEHICLES IN GENERAL
    • B60WCONJOINT CONTROL OF VEHICLE SUB-UNITS OF DIFFERENT TYPE OR DIFFERENT FUNCTION; CONTROL SYSTEMS SPECIALLY ADAPTED FOR HYBRID VEHICLES; ROAD VEHICLE DRIVE CONTROL SYSTEMS FOR PURPOSES NOT RELATED TO THE CONTROL OF A PARTICULAR SUB-UNIT
    • B60W10/00Conjoint control of vehicle sub-units of different type or different function
    • B60W10/18Conjoint control of vehicle sub-units of different type or different function including control of braking systems
    • BPERFORMING OPERATIONS; TRANSPORTING
    • B60VEHICLES IN GENERAL
    • B60WCONJOINT CONTROL OF VEHICLE SUB-UNITS OF DIFFERENT TYPE OR DIFFERENT FUNCTION; CONTROL SYSTEMS SPECIALLY ADAPTED FOR HYBRID VEHICLES; ROAD VEHICLE DRIVE CONTROL SYSTEMS FOR PURPOSES NOT RELATED TO THE CONTROL OF A PARTICULAR SUB-UNIT
    • B60W10/00Conjoint control of vehicle sub-units of different type or different function
    • B60W10/18Conjoint control of vehicle sub-units of different type or different function including control of braking systems
    • B60W10/184Conjoint control of vehicle sub-units of different type or different function including control of braking systems with wheel brakes
    • BPERFORMING OPERATIONS; TRANSPORTING
    • B60VEHICLES IN GENERAL
    • B60WCONJOINT CONTROL OF VEHICLE SUB-UNITS OF DIFFERENT TYPE OR DIFFERENT FUNCTION; CONTROL SYSTEMS SPECIALLY ADAPTED FOR HYBRID VEHICLES; ROAD VEHICLE DRIVE CONTROL SYSTEMS FOR PURPOSES NOT RELATED TO THE CONTROL OF A PARTICULAR SUB-UNIT
    • B60W10/00Conjoint control of vehicle sub-units of different type or different function
    • B60W10/20Conjoint control of vehicle sub-units of different type or different function including control of steering systems
    • BPERFORMING OPERATIONS; TRANSPORTING
    • B60VEHICLES IN GENERAL
    • B60WCONJOINT CONTROL OF VEHICLE SUB-UNITS OF DIFFERENT TYPE OR DIFFERENT FUNCTION; CONTROL SYSTEMS SPECIALLY ADAPTED FOR HYBRID VEHICLES; ROAD VEHICLE DRIVE CONTROL SYSTEMS FOR PURPOSES NOT RELATED TO THE CONTROL OF A PARTICULAR SUB-UNIT
    • B60W50/00Details of control systems for road vehicle drive control not related to the control of a particular sub-unit, e.g. process diagnostic or vehicle driver interfaces
    • B60W50/02Ensuring safety in case of control system failures, e.g. by diagnosing, circumventing or fixing failures
    • B60W50/023Avoiding failures by using redundant parts
    • BPERFORMING OPERATIONS; TRANSPORTING
    • B60VEHICLES IN GENERAL
    • B60WCONJOINT CONTROL OF VEHICLE SUB-UNITS OF DIFFERENT TYPE OR DIFFERENT FUNCTION; CONTROL SYSTEMS SPECIALLY ADAPTED FOR HYBRID VEHICLES; ROAD VEHICLE DRIVE CONTROL SYSTEMS FOR PURPOSES NOT RELATED TO THE CONTROL OF A PARTICULAR SUB-UNIT
    • B60W60/00Drive control systems specially adapted for autonomous road vehicles
    • B60W60/005Handover processes
    • B60W60/0053Handover processes from vehicle to occupant
    • BPERFORMING OPERATIONS; TRANSPORTING
    • B60VEHICLES IN GENERAL
    • B60WCONJOINT CONTROL OF VEHICLE SUB-UNITS OF DIFFERENT TYPE OR DIFFERENT FUNCTION; CONTROL SYSTEMS SPECIALLY ADAPTED FOR HYBRID VEHICLES; ROAD VEHICLE DRIVE CONTROL SYSTEMS FOR PURPOSES NOT RELATED TO THE CONTROL OF A PARTICULAR SUB-UNIT
    • B60W60/00Drive control systems specially adapted for autonomous road vehicles
    • B60W60/005Handover processes
    • B60W60/0061Aborting handover process
    • BPERFORMING OPERATIONS; TRANSPORTING
    • B60VEHICLES IN GENERAL
    • B60WCONJOINT CONTROL OF VEHICLE SUB-UNITS OF DIFFERENT TYPE OR DIFFERENT FUNCTION; CONTROL SYSTEMS SPECIALLY ADAPTED FOR HYBRID VEHICLES; ROAD VEHICLE DRIVE CONTROL SYSTEMS FOR PURPOSES NOT RELATED TO THE CONTROL OF A PARTICULAR SUB-UNIT
    • B60W60/00Drive control systems specially adapted for autonomous road vehicles
    • B60W60/007Emergency override
    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05DSYSTEMS FOR CONTROLLING OR REGULATING NON-ELECTRIC VARIABLES
    • G05D1/00Control of position, course or altitude of land, water, air, or space vehicles, e.g. automatic pilot
    • G05D1/0055Control of position, course or altitude of land, water, air, or space vehicles, e.g. automatic pilot with safety arrangements
    • G05D1/0061Control of position, course or altitude of land, water, air, or space vehicles, e.g. automatic pilot with safety arrangements for transition from automatic pilot to manual pilot and vice versa
    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05DSYSTEMS FOR CONTROLLING OR REGULATING NON-ELECTRIC VARIABLES
    • G05D1/00Control of position, course or altitude of land, water, air, or space vehicles, e.g. automatic pilot
    • G05D1/02Control of position or course in two dimensions
    • G05D1/021Control of position or course in two dimensions specially adapted to land vehicles
    • G05D1/0231Control of position or course in two dimensions specially adapted to land vehicles using optical position detecting means
    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05DSYSTEMS FOR CONTROLLING OR REGULATING NON-ELECTRIC VARIABLES
    • G05D1/00Control of position, course or altitude of land, water, air, or space vehicles, e.g. automatic pilot
    • G05D1/02Control of position or course in two dimensions
    • G05D1/021Control of position or course in two dimensions specially adapted to land vehicles
    • G05D1/0257Control of position or course in two dimensions specially adapted to land vehicles using a radar
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/0796Safety measures, i.e. ensuring safe condition in the event of error, e.g. for controlling element
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/16Error detection or correction of the data by redundancy in hardware
    • G06F11/20Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements
    • G06F11/2015Redundant power supplies
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/16Error detection or correction of the data by redundancy in hardware
    • G06F11/20Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements
    • G06F11/202Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements where processing functionality is redundant
    • G06F11/2048Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements where processing functionality is redundant where the redundant components share neither address space nor persistent storage
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/40Bus networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/40Bus networks
    • H04L12/40169Flexible bus arrangements
    • H04L12/40176Flexible bus arrangements involving redundancy
    • H04L12/40195Flexible bus arrangements involving redundancy by using a plurality of nodes
    • BPERFORMING OPERATIONS; TRANSPORTING
    • B60VEHICLES IN GENERAL
    • B60WCONJOINT CONTROL OF VEHICLE SUB-UNITS OF DIFFERENT TYPE OR DIFFERENT FUNCTION; CONTROL SYSTEMS SPECIALLY ADAPTED FOR HYBRID VEHICLES; ROAD VEHICLE DRIVE CONTROL SYSTEMS FOR PURPOSES NOT RELATED TO THE CONTROL OF A PARTICULAR SUB-UNIT
    • B60W50/00Details of control systems for road vehicle drive control not related to the control of a particular sub-unit, e.g. process diagnostic or vehicle driver interfaces
    • B60W2050/0001Details of the control system
    • B60W2050/0002Automatic control, details of type of controller or control system architecture
    • B60W2050/0004In digital systems, e.g. discrete-time systems involving sampling
    • B60W2050/0005Processor details or data handling, e.g. memory registers or chip architecture
    • BPERFORMING OPERATIONS; TRANSPORTING
    • B60VEHICLES IN GENERAL
    • B60WCONJOINT CONTROL OF VEHICLE SUB-UNITS OF DIFFERENT TYPE OR DIFFERENT FUNCTION; CONTROL SYSTEMS SPECIALLY ADAPTED FOR HYBRID VEHICLES; ROAD VEHICLE DRIVE CONTROL SYSTEMS FOR PURPOSES NOT RELATED TO THE CONTROL OF A PARTICULAR SUB-UNIT
    • B60W50/00Details of control systems for road vehicle drive control not related to the control of a particular sub-unit, e.g. process diagnostic or vehicle driver interfaces
    • B60W2050/0001Details of the control system
    • B60W2050/0002Automatic control, details of type of controller or control system architecture
    • B60W2050/0004In digital systems, e.g. discrete-time systems involving sampling
    • B60W2050/0006Digital architecture hierarchy
    • BPERFORMING OPERATIONS; TRANSPORTING
    • B60VEHICLES IN GENERAL
    • B60WCONJOINT CONTROL OF VEHICLE SUB-UNITS OF DIFFERENT TYPE OR DIFFERENT FUNCTION; CONTROL SYSTEMS SPECIALLY ADAPTED FOR HYBRID VEHICLES; ROAD VEHICLE DRIVE CONTROL SYSTEMS FOR PURPOSES NOT RELATED TO THE CONTROL OF A PARTICULAR SUB-UNIT
    • B60W50/00Details of control systems for road vehicle drive control not related to the control of a particular sub-unit, e.g. process diagnostic or vehicle driver interfaces
    • B60W2050/0001Details of the control system
    • B60W2050/0043Signal treatments, identification of variables or parameters, parameter estimation or state estimation
    • B60W2050/0044In digital systems
    • B60W2050/0045In digital systems using databus protocols
    • BPERFORMING OPERATIONS; TRANSPORTING
    • B60VEHICLES IN GENERAL
    • B60WCONJOINT CONTROL OF VEHICLE SUB-UNITS OF DIFFERENT TYPE OR DIFFERENT FUNCTION; CONTROL SYSTEMS SPECIALLY ADAPTED FOR HYBRID VEHICLES; ROAD VEHICLE DRIVE CONTROL SYSTEMS FOR PURPOSES NOT RELATED TO THE CONTROL OF A PARTICULAR SUB-UNIT
    • B60W50/00Details of control systems for road vehicle drive control not related to the control of a particular sub-unit, e.g. process diagnostic or vehicle driver interfaces
    • B60W50/02Ensuring safety in case of control system failures, e.g. by diagnosing, circumventing or fixing failures
    • B60W50/0205Diagnosing or detecting failures; Failure detection models
    • B60W2050/0215Sensor drifts or sensor failures
    • BPERFORMING OPERATIONS; TRANSPORTING
    • B60VEHICLES IN GENERAL
    • B60WCONJOINT CONTROL OF VEHICLE SUB-UNITS OF DIFFERENT TYPE OR DIFFERENT FUNCTION; CONTROL SYSTEMS SPECIALLY ADAPTED FOR HYBRID VEHICLES; ROAD VEHICLE DRIVE CONTROL SYSTEMS FOR PURPOSES NOT RELATED TO THE CONTROL OF A PARTICULAR SUB-UNIT
    • B60W2420/00Indexing codes relating to the type of sensors based on the principle of their operation
    • B60W2420/40Photo or light sensitive means, e.g. infrared sensors
    • B60W2420/403Image sensing, e.g. optical camera
    • B60W2420/408
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2201/00Indexing scheme relating to error detection, to error correction, and to monitoring
    • G06F2201/805Real-time
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/40Bus networks
    • H04L2012/40208Bus networks characterized by the use of a particular bus standard
    • H04L2012/40215Controller Area Network CAN
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/40Bus networks
    • H04L2012/40267Bus for use in transportation systems
    • H04L2012/40273Bus for use in transportation systems the transportation system being a vehicle

Abstract

It is used for the framework with the automatic drive assist system of sub conditione the present invention relates to a kind of, it can control the automatic emergency of vehicle to stop, including:The group (2) of the sensor of at least three kinds different technologies, for observing the region of vehicle front;Master computer (10), it can be via the first upstream data traffic network from the sensor group (2) receive information, and transmits commands to via the first downstream communication network the first computer (3), the second computer (4) to brakes and the 3rd computer (5) to steering control system of engine control system;Redundant computer (11), can be via the second upstream data traffic network from the sensor group receive information;Main power source, link to each computer;And stand-by power supply.The framework includes the second downstream communication network, redundant computer (11) is only connected to the second computer (4) of brakes by it, ordered for transmitting, and stand-by power supply is only connected to master computer (10), the second computer (4) to redundant computer (11) and to brakes.

Description

For the framework with the automatic drive assist system of sub conditione
Technical field
The present invention relates generally to the motor vehicles equipped with automatic Pilot accessory system, and more accurately, is related to so-called " sub conditione is automatic " system.
Background technology
Driving is advanced automatically, and to solve a large amount of problems, such as safe, mobility, environmental protection drive and to owner Driving accessibility.Now, there can be full-automatic unmanned driving's vehicle in specific regions.For having with automatic road vehicle The project of pass is not that so, before automatic road vehicle sale is seen, such vehicle has many problems to need to solve, special It is not in legal field and security fields.Especially, in the case where the automatic road vehicle of driver be present, Vienna Convention Require that driver must can always control his vehicle in the 8.5th article.
The automatic road vehicle standard committees of SAE (initial of Society of automotive engineers) disclose new report recently, The classification (" classification on the term of road vehicle automated driving system on January 16 in 2014 of automatic Pilot grade is provided And definition ", standard J3016), driven for being shared between each classification grade, including driver and one or more automatic systems Sail the rule of supervision and management.More accurately, this report defines six grades, does not have the grade 0 of any automatic system from vehicle To the completely automatic class 5 of vehicle, therebetween by different automaticities, wherein, the share increase automated every time, drive The share of member's responsibility reduces.Thus:
- grade 1 corresponds to drive assist system, its only relate to vehicle it is longitudinally controlled (for example, by initial ACC or System known to " auto-cruising control "), or the crosswise joint of vehicle is only related to (for example, for aiding in the path in track The system of holding, or the system of the auxiliary lane change for being used in the case where process condition is stopped or avoided after overtaking other vehicles or overtaking other vehicles);
- grade 2 corresponds to so-called " part is automatic " grade, wherein, car can be combined in one or more drive assist systems Horizontal and vertical control;
- grade 3 corresponds to so-called " sub conditione is automatic " grade, wherein, driver on the time span being determined and It is allowed to not be absorbed in driving on particular type road (such as high speed).Automatic system associated therewith then supervises the transverse direction of vehicle And/or it is longitudinally controlled, but must concede responsibility to driver problematic when.
- class 4 corresponds to the fully automated of vehicle, but driver drives with appointing under any circumstance and wished at him When return his possibility, this is independently of duration and any specific region;
- class 5 corresponds to fully automated vehicle, and driver is without the possibility of interaction.
U.S. federal agencies the NHTSA (" national highways of responsible road safety are corresponded essentially to according to SAE grade 0 to 5 Transportation Security Administration ") grade 0 to 4.
Due to the aforesaid clause of Vienna Convention, there are currently no allowed by law for the vehicle in grade 3 to 5.Grade 0 to 2 another aspects are allowed to, because driver is actually still unique regulator of driving.
Concern after this is according to the project of the following automotive vehicle of the grade 3 of SAE or NHTSA standards, and it is equipped There is sub conditione automatic system.The receiving of the modification --- it applies permanent driver's responsibility now --- of Vienna Convention is as most It is low to require to implement a number of safe operation program and allow driver to return to supervision state in thrashing Strategy.
Especially important strategy is related to returns to safe condition in the case where driver can not recapture control.In the situation Under, and be especially sufficient that when vehicle is being advanced on highway with relatively low speed for system, on its travel lane Carry out the stopping of vehicle.The each stage generally implemented in the tactful application schematically shows in Fig. 1, and it shows this Act the result to the function as the time of car speed.
In the Fig. 1, td represents that this requires that driver recaptures control in theory at the time of detecting of serious failure.From this Moment, sub conditione automatic system admittedly must concede control to driver, but must be sure that in short time span (typical case Ground five to ten seconds) function, to allow driver veritably to recapture the control of driving.The stage is in figure by the table of stage _ 1 Show, and show that the speed of vehicle keeps constant.If driver does not react when completing at this stage _ 1, system starts to relax Brake (being in Fig. 1 stage _ 2, and five to ten seconds) in ground.Finally, if driver does not still have when completing at this stage _ 2 Reaction, the then bigger braking of system instruction, until vehicle stops completely.The stage is represented by stage _ 3 in Fig. 1.
From the visual angle of function, in order to ensure returning to safe condition, sub conditione automatic system allows for checking before vehicle Fang Fasheng what, brakes and engine control system can be controlled to regulate the speed as a result, and electricity can be controlled Sub- steering control system, to be maintained in same driving lane.
These requirements in terms of safe operation are directed to use with the framework with big redundancy, and thus significantly affecting these is The cost of system.Thus, according to international standard ISO 26262 --- it is according to referred to as " ASIL A, ASIL B, ASIL C and ASIL D " (initial for representing automotive safety integrity level) four grades especially define failure Critical Classification, (the attached bar of grade 3 Part is automatic) must be ASIL D, thus especially propose that vehicle has the regulation of the sensor of at least three different technologies, to see Examine the same region of vehicle environmental.Therefore ensure that the performance evaluation of good detection, it is sufficient to matched with ASIL D Security Targets, and External disturbance emitter prevents the sensor of three types while failed.
In addition, in known framework, the computer of system, (typically via CAN) allow one side sensor Other computers (brakings being related to the computer with the computer of another aspect system and for returning to the strategy of safe condition Component computer, engine control computer and course changing control computer) between exchange connection and these computers behaviour Power supply is generally double necessary to work, to ensure operation peace in the case of on the computer failure of sub conditione security system Entirely.
The content of the invention
It is used for that to there is the payable of the automatic drive assist system of the sub conditione of grade -3 the purpose of the present invention is to propose to a kind of The framework of cost.
Thus, subject of the present invention is a kind of framework for being used to have the automatic drive assist system of sub conditione, and it can The automatic emergency of vehicle is controlled to stop, including:
The group of the sensor of-at least three kinds different technologies, for observing the region of vehicle front;
- master computer, it can be by the first upstream data traffic network from the sensor group receive information, and passes through First downstream communication network transmits commands to the first computer of engine control system, the second computer to brakes With the 3rd computer to steering control system;
- redundant computer, it can be by the second upstream data traffic network from the sensor group receive information;
- main power source, link to each computer;With
- stand-by power supply;
Characterized in that, it includes the second downstream communication network, it only links to redundant computer the institute of brakes Second computer is stated, orders, and is for transmitting, stand-by power supply is simply linked to master computer, to redundant computer and to making The second computer of dynamic system.
According to other possible features of the framework:
- the first and second upstream and downstream data communication networks are serial data bus networks, it is therefore preferable to CAN network;
- redundant computer is identical with master computer, and in this case, both of which has identical failure critical level, Preferably ASIL D grades;
- variant is used as, redundant computer can only have the failure critical level lower than master computer, e.g. ASIL B etc. Level, if master computer is ASIL D;
- the sensor group is for example including at least one imaging sensor, a radar sensor and a laser sensor;
- redundant computer can link to master computer, and be controlled as so as to only feelings in the failure on master computer Under condition, by the second upstream data traffic network from the sensor group receive information;
- variant is used as, redundant computer is for good and all received by the second upstream data traffic network from the sensor group Information, or even in the case of not on the failure of master computer.
Brief description of the drawings
The following description of refer to the attached drawing, the present invention and its advantage brought are better understood with, in the accompanying drawings:
Fig. 1, have been described above, it is schematically shown by being returned with the automatic drive assist system of sub conditione The stage implemented to the known strategy of safe condition;
Fig. 2 schematically shows a kind of exemplary architecture according to the present invention, for automatically driving auxiliary with sub conditione System.
Embodiment
Through this specification, the drive assist system of any grade 3 (SAE/NHTSA) is referred to as " having sub conditione automatic Drive assist system ".
A kind of to be used for the framework with the automatic drive assist system of sub conditione with reference to figure 2, it can control oneself of vehicle Move emergent stopping and the scene according to Fig. 1 ensures to return to safe condition, generally include kernel control module 1, the core control Molding block includes:
- on the one hand, master computer 10, its can by the first upstream data traffic network from the receive information of sensor group 2, The sensor group 2 can observe the region of front part of vehicle;
- on the other hand, redundant computer 11, master computer 10 is linked to, and the second upstream data traffic net can be passed through Network is from the receive information of sensor group 2.
There is the system ASIL D to fail critical level, hence for group 2, be arranged to different be used to sense using three kinds The technology of device.Thus, as non-limitative example, the group 2 may include at least one 20, radar sensors of laser sensor 21 and an imaging sensor 22.No matter using the combination of which kind of different technologies (or type), principle of the invention is all to answer .
In fig. 2, the first upstream network is included between sensor 20 to 22 and master computer 10 solid line such as and schematically shown Three connections gone out, and the second upstream network is included between these sensors 20 to 22 and redundant computer 10 dotted line such as and illustrated Property shown in three connection.
The effect of master computer 10 is information of the processing from sensor 20 to 22, and especially, if necessary, should With the strategy for returning to safe condition, as described in reference to fig. 1.Thus, the computer 10 can transmit appropriate order and extremely exist The each computer for the vehicle being related in the strategy, is especially transmitted separately to:
First computer 3 of-engine control system,
The second computer 4 of-brakes;With
3rd computer 5 of-steering control system.
The transmission of order is performed by the first downstream communication network, and it passes through master computer 10 and three computers 3,4 and 5 Between solid line connection represent.
All above computer are powered by main power source, such as the battery (+BAT1 in Fig. 2).
The effect of redundant computer 11 is that its own is replaced by into master computer in the case where master computer 10 fails.
According to the present invention, instead of turning over for the downstream communication network between the computer of the system and three computers 3,4 and 5 Times, it is arranged to herein, there is provided redundant computer 11 is simply linked to the second downstream communication net of the second computer 4 of brakes Network, the transmission for order.The second downstream communication network uses dotted line table between redundant computer 11 and brake calculation machine 4 Show.
The control of the type is enough the steering for also controlling vehicle, particularly low speed.In fact, the computer of brakes shows It is being so-called ESP computers (initial for representing ESP) entirely, it can order each wheel in a different manner On braking, and thus accomplish that vehicle is maintained in its track, until its stopping.
In addition, in order to alleviate main power source+BAT1 possible breakdown, the stand-by power supply (+BAT2 in Fig. 2) --- it is, for example, electricity Pond --- it is set in the architecture.Herein again, by the way that the stand-by power supply is arranged to only by master computer 10, standby meter Calculation machine 11 and the computer of brakes 4 are used alone, and the framework, which is simplified to, only remains necessary degree.
In other words, component computer downstream is included in so that being only used for the calculating of brakes according to the framework of the present invention The communication network and dual power supply of machine 4 form redundancy.
This causes cost to reduce, and it is never limited in the guarantor that safe condition is returned in the case where driver can not recapture control Card.
In Fig. 2 framework, have been contemplated that, redundant computer 11 is linked to master computer 10, so as to which it is only in host computer Machine operates in the case of failing in reception and transmitting.
But in the case of without departing from the scope of the present invention, two computers 10 and 11 can not be linked.In the feelings Under condition, two for good and all parallel work-flows of computer 10 and 11, and in the case where master computer fails, the computer 3,4 in downstream Standby mode is switched to 5.This is then " hot redundancy ".The program allows to reconstruct faster but consume more energy.

Claims (9)

1. a kind of be used for the framework with the automatic drive assist system of sub conditione, it can control the automatic emergency of vehicle to stop Only, including:
The group (2) of the sensor of-at least three kinds different technologies, for observing the region of vehicle front;
- master computer (10), its can by the first upstream data traffic network from the sensor group (2) receive information, and The first computer (3) of engine control system is transmitted commands to by the first downstream communication network, transmitted to brakes Second computer (4) and transmit to the 3rd computer (5) of steering control system;
- redundant computer (11), it can be by the second upstream data traffic network from the sensor group receive information;
- main power source, link to each computer;With
- stand-by power supply;
Characterized in that, it includes the second downstream communication network, redundant computer (11) is only linked to the brakes by it Second computer (4), order for transmitting, and be characterised by, stand-by power supply is simply linked to master computer (10), to standby meter Calculation machine (11) and the second computer (4) to brakes.
2. framework as claimed in claim 1, it is characterised in that the first and second upstream and downstream data communication networks are serial Data bus network.
3. framework as claimed in claim 2, it is characterised in that the first and second upstream and downstream data communication networks are CAN Network.
4. the framework as described in any one of preceding claims, it is characterised in that redundant computer (11) and master computer (10) it is identical.
5. the framework as described in any one of Claims 1-4, it is characterised in that redundant computer (11) has than analytic accounting The low failure critical level of calculation machine (10).
6. framework as claimed in claim 5, it is characterised in that the failure critical level of master computer (10) is ASIL D, standby Failure critical level with computer (11) is ASIL B.
7. the framework as described in any one of preceding claims, it is characterised in that the sensor group (2) includes at least one Individual imaging sensor, a radar sensor and a laser sensor.
8. the framework as described in any one of preceding claims, it is characterised in that redundant computer (11) links to analytic accounting Calculation machine (10), and be controlled such that and only lead in the case of the failure on master computer (10), by the second upstream data Communication network is from the sensor group receive information.
9. the framework as described in any one of claim 1 to 7, it is characterised in that redundant computer (11) is by second Data communication network is swum from the sensor group for good and all receive information, or even in the not failure on master computer (10) In the case of.
CN201680004930.1A 2015-01-05 2016-01-04 Architecture for a driving assistance system with conditional automation Active CN107428247B (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
FR1500005A FR3031406B1 (en) 2015-01-05 2015-01-05 ARCHITECTURE FOR CONDITIONAL AUTOMATION DRIVING ASSISTANCE SYSTEM
FR1500005 2015-01-05
PCT/EP2016/050025 WO2016110464A1 (en) 2015-01-05 2016-01-04 Architecture for a driving assistance system with conditional automation

Publications (2)

Publication Number Publication Date
CN107428247A true CN107428247A (en) 2017-12-01
CN107428247B CN107428247B (en) 2020-04-21

Family

ID=52737289

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201680004930.1A Active CN107428247B (en) 2015-01-05 2016-01-04 Architecture for a driving assistance system with conditional automation

Country Status (6)

Country Link
US (1) US20180267535A1 (en)
EP (1) EP3242823B1 (en)
JP (1) JP6655624B2 (en)
CN (1) CN107428247B (en)
FR (1) FR3031406B1 (en)
WO (1) WO2016110464A1 (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107908186A (en) * 2017-11-07 2018-04-13 驭势科技(北京)有限公司 For the method and system for controlling automatic driving vehicle to run
CN108089579A (en) * 2017-12-13 2018-05-29 南京多伦科技股份有限公司 A kind of intelligent robot automated driving system
CN111661062A (en) * 2019-03-05 2020-09-15 阿里巴巴集团控股有限公司 Automatic driving control method, device and system
CN112356846A (en) * 2020-11-19 2021-02-12 中国第一汽车股份有限公司 Automatic driving control system and method and vehicle
CN113093618A (en) * 2021-04-06 2021-07-09 北京航空航天大学 Brake controller hardware architecture and control method

Families Citing this family (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102017207483A1 (en) * 2016-12-15 2018-06-21 Continental Teves Ag & Co. Ohg CONTROL DEVICE FOR A VEHICLE, BRAKE CONTROL DEVICE AND METHOD FOR CONTROLLING A VEHICLE
EP3376249A1 (en) * 2017-03-17 2018-09-19 Veoneer Sweden AB Enhanced object position detection
FR3071800B1 (en) * 2017-09-29 2021-04-02 Psa Automobiles Sa DRIVING ASSISTANCE PROCESS OF A VEHICLE IN THE EVENT OF A FAILURE OF A NETWORK AND ASSOCIATED SYSTEM
DE102017217856A1 (en) 2017-10-06 2019-04-11 Volkswagen Aktiengesellschaft Brake system for a motor vehicle and method for operating a brake system
DE102017218898A1 (en) 2017-10-23 2019-04-25 Volkswagen Aktiengesellschaft Control system for a battery system
DE102017010716A1 (en) * 2017-11-10 2019-05-16 Knorr-Bremse Systeme für Nutzfahrzeuge GmbH System for at least partially autonomous operation of a motor vehicle with double redundancy
GB201720266D0 (en) * 2017-12-05 2018-01-17 Trw Ltd Controlling the operation of a vehicle
US10678243B2 (en) 2018-02-13 2020-06-09 Chongqing Jinkang New Energy Vehicle Co., Ltd. Systems and methods for scalable electrical engineering (EE) architecture in vehicular environments
FR3080073B1 (en) * 2018-04-12 2020-12-18 Psa Automobiles Sa AUXILIARY ELECTRICAL POWER SUPPLY FOR VEHICLE
JP7215315B2 (en) * 2019-04-26 2023-01-31 トヨタ自動車株式会社 vehicle system
EP3778309B1 (en) * 2019-08-15 2022-04-13 Apollo Intelligent Driving Technology (Beijing) Co., Ltd. Autonomous vehicle and system for autonomous vehicle
CN112634371B (en) 2019-09-24 2023-12-15 阿波罗智联(北京)科技有限公司 Method and device for outputting information and calibrating camera
WO2021076888A1 (en) * 2019-10-16 2021-04-22 Lhp, Inc. Safety supervisor system for vehicles
CN112298208B (en) * 2020-10-21 2022-05-17 长城汽车股份有限公司 Automatic driving transverse auxiliary control method and transverse auxiliary system
CA3197021A1 (en) * 2020-10-30 2022-05-05 Hongchao RUAN Information transmission method, control apparatus, electromagnetic signal transceiver apparatus, and signal processing device
US11807259B2 (en) * 2020-11-30 2023-11-07 Nuro, Inc. Hardware systems for an autonomous vehicle
WO2022118459A1 (en) 2020-12-04 2022-06-09 日産自動車株式会社 Redundant system
US20220324434A1 (en) * 2021-04-09 2022-10-13 Steering Solutions Ip Holding Corporation System and method to determine second ecu state using shared sensor in a dual ecu system
CN113359759B (en) * 2021-06-24 2023-05-09 中国第一汽车股份有限公司 Automatic driving-based parking control method, system, vehicle and storage medium

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6856045B1 (en) * 2002-01-29 2005-02-15 Hamilton Sundstrand Corporation Power distribution assembly with redundant architecture
DE102005014736A1 (en) * 2004-04-13 2005-11-17 General Motors Corp. (N.D.Ges.D. Staates Delaware), Detroit Vehicle control system and method
WO2006094991A1 (en) * 2005-03-10 2006-09-14 Continental Teves Ag & Co. Ohg System for electronically controlling a motor vehicle brakes
US20100063672A1 (en) * 2008-09-11 2010-03-11 Noel Wayne Anderson Vehicle with high integrity perception system
EP2587330A2 (en) * 2011-10-27 2013-05-01 Diehl BGT Defence GmbH & Co.KG Control device for at least partially autonomous operation of a vehicle and vehicle with such a control device
WO2013150244A1 (en) * 2012-04-05 2013-10-10 Renault S.A.S. Autonomous mode vehicle control system and vehicle comprising such a control system
DE102012210106A1 (en) * 2012-06-15 2013-12-19 Robert Bosch Gmbh Sensor arrangement for an electrical / electronic architecture and associated electrical / electronic architecture for a vehicle
DE102013020177A1 (en) * 2013-11-30 2014-06-18 Daimler Ag Motor car, has sensor systems actuated by main control unit in nominal operating mode, and replacement control unit controlling sensor systems if mistake arises in main control unit in emergency operation state
WO2014138764A1 (en) * 2013-03-14 2014-09-18 Fts Computertechnik Gmbh Method for limiting the risk of errors in a redundant, safety-related control system for a motor vehicle
CN104249623A (en) * 2013-06-28 2014-12-31 卡特彼勒公司 Retarding system for electric drive machine

Family Cites Families (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4654846A (en) * 1983-12-20 1987-03-31 Rca Corporation Spacecraft autonomous redundancy control
DE10052261A1 (en) * 2000-10-19 2002-05-02 Deere & Co Control device for the parking lock of a motor vehicle
US6527348B2 (en) * 2001-05-22 2003-03-04 Caterpillar Inc Braking system for a construction machine
JP3866536B2 (en) * 2001-06-27 2007-01-10 株式会社デンソー Vehicle automatic driving system
US6885927B2 (en) * 2002-04-17 2005-04-26 Honda Giken Kogyo Kabushiki Kaisha Apparatus for controlling an electric power steering system
US7117390B1 (en) * 2002-05-20 2006-10-03 Sandia Corporation Practical, redundant, failure-tolerant, self-reconfiguring embedded system architecture
JP4848027B2 (en) * 2004-01-30 2011-12-28 日立オートモティブシステムズ株式会社 Vehicle control device
JP4345547B2 (en) * 2004-03-31 2009-10-14 トヨタ自動車株式会社 Hybrid vehicle control system
JP2008149807A (en) * 2006-12-15 2008-07-03 Hitachi Ltd Vehicle load control device
RU2585262C2 (en) * 2010-03-23 2016-05-27 Континенталь Тевес Аг Унд Ко. Охг Control computer system, method of controlling control computer system and use of control computer system
ES2392390T3 (en) * 2010-05-25 2012-12-10 Fiat Group Automobiles S.P.A. Operation management of the electrical system of a car while driving in neutral and / or when the engine is stopped
DE102012203673A1 (en) * 2011-03-09 2012-10-04 Continental Teves Ag & Co. Ohg Safety device for a motor vehicle and method for operating a motor vehicle
DE102011108292A1 (en) * 2011-07-21 2012-04-05 Daimler Ag Method for operating driver assistance device of vehicle, involves determining scenario-dependent sensor variances or sensor variances depending on driver assistance device in context of error propagation determination
JP2014180941A (en) * 2013-03-19 2014-09-29 Denso Corp Vehicle passenger protection device
JP2015013541A (en) * 2013-07-04 2015-01-22 株式会社ジェイテクト Electric power steering device
US9266518B2 (en) * 2013-11-08 2016-02-23 GM Global Technology Operations LLC Component control system for a vehicle
JP5867495B2 (en) * 2013-12-20 2016-02-24 株式会社デンソー Electronic control unit
US9563590B2 (en) * 2014-03-17 2017-02-07 Nxp Usa, Inc. Devices with arbitrated interface busses, and methods of their operation

Patent Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6856045B1 (en) * 2002-01-29 2005-02-15 Hamilton Sundstrand Corporation Power distribution assembly with redundant architecture
DE102005014736A1 (en) * 2004-04-13 2005-11-17 General Motors Corp. (N.D.Ges.D. Staates Delaware), Detroit Vehicle control system and method
WO2006094991A1 (en) * 2005-03-10 2006-09-14 Continental Teves Ag & Co. Ohg System for electronically controlling a motor vehicle brakes
US20100063672A1 (en) * 2008-09-11 2010-03-11 Noel Wayne Anderson Vehicle with high integrity perception system
EP2587330A2 (en) * 2011-10-27 2013-05-01 Diehl BGT Defence GmbH & Co.KG Control device for at least partially autonomous operation of a vehicle and vehicle with such a control device
WO2013150244A1 (en) * 2012-04-05 2013-10-10 Renault S.A.S. Autonomous mode vehicle control system and vehicle comprising such a control system
DE102012210106A1 (en) * 2012-06-15 2013-12-19 Robert Bosch Gmbh Sensor arrangement for an electrical / electronic architecture and associated electrical / electronic architecture for a vehicle
US20150151694A1 (en) * 2012-06-15 2015-06-04 Robert Bosch Gmbh Sensor system for an electric/electronic architecture and associated electric/electronic architecture for a vehicle
WO2014138764A1 (en) * 2013-03-14 2014-09-18 Fts Computertechnik Gmbh Method for limiting the risk of errors in a redundant, safety-related control system for a motor vehicle
CN104249623A (en) * 2013-06-28 2014-12-31 卡特彼勒公司 Retarding system for electric drive machine
DE102013020177A1 (en) * 2013-11-30 2014-06-18 Daimler Ag Motor car, has sensor systems actuated by main control unit in nominal operating mode, and replacement control unit controlling sensor systems if mistake arises in main control unit in emergency operation state

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107908186A (en) * 2017-11-07 2018-04-13 驭势科技(北京)有限公司 For the method and system for controlling automatic driving vehicle to run
CN108089579A (en) * 2017-12-13 2018-05-29 南京多伦科技股份有限公司 A kind of intelligent robot automated driving system
CN111661062A (en) * 2019-03-05 2020-09-15 阿里巴巴集团控股有限公司 Automatic driving control method, device and system
CN112356846A (en) * 2020-11-19 2021-02-12 中国第一汽车股份有限公司 Automatic driving control system and method and vehicle
CN113093618A (en) * 2021-04-06 2021-07-09 北京航空航天大学 Brake controller hardware architecture and control method

Also Published As

Publication number Publication date
US20180267535A1 (en) 2018-09-20
EP3242823B1 (en) 2018-10-03
CN107428247B (en) 2020-04-21
JP2018504309A (en) 2018-02-15
FR3031406A1 (en) 2016-07-08
WO2016110464A1 (en) 2016-07-14
EP3242823A1 (en) 2017-11-15
FR3031406B1 (en) 2017-07-28
JP6655624B2 (en) 2020-02-26

Similar Documents

Publication Publication Date Title
CN107428247A (en) For the framework with the automatic drive assist system of sub conditione
CN110254512B (en) Design method for functional safety architecture of steering system of distributed intelligent electric vehicle
DE102017209721B4 (en) Device for controlling a safety-relevant process, method for testing the functionality of the device, and motor vehicle with the device
CN103072575B (en) A kind of Initiative anti-collision method of vehicle
US8185288B2 (en) Brake system for a vehicle and a method for operating a brake system for a vehicle
US10994709B2 (en) System for driverless operation of utility vehicles
CN104176052A (en) Apparatus and method for preventing collision with vehicle
US9421960B2 (en) Braking installation for a railway train including a plurality of wagons for transporting goods
CN109249873A (en) A kind of automatic driving vehicle chassis system and Standby control method
CN110712677B (en) Redundant electric power steering system of automatic driving vehicle and control method thereof
EP3385934B1 (en) Device for controlling a safety-relevant process, method for testing the functionality of the device, and motor vehicle using the device
CN112542053A (en) Method and device for performing a function of a motor vehicle
EP3805037B1 (en) Method and system to control at least two electric motors driving a vehicle
CN104071111A (en) Full trailer train instability prevention real-time monitoring and early warning system
CN102756669B (en) Multiplex control system, transport device with multiplex control system and control method
Yu et al. Fallback strategy for level 4+ automated driving system
Sari et al. Fail-operational safety architecture for ADAS systems considering domain ECUs
CN105313880B (en) Motor vehicle with at least two drive actuators and increased fail safety
DE102021120719A1 (en) Tertiary control system for steering, braking, and motion control systems in autonomous vehicles
CN116668992A (en) Vehicle accident handling method, computer readable storage medium and vehicle
DE102019124321A1 (en) PERFORMANCE MANAGEMENT FAILURE IN VEHICLES
CN109305173A (en) A kind of pilotless automobile chassis control system backup method
CN103253274B (en) First driver expects the method and control system of the credibility Analysis of sensor
CN109435875A (en) A kind of pilotless automobile chassis power supply system backup method
Matsuoka Development and future outlook of steering systems

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant